ext4 crypto: enforce crypto policy restrictions on cross-renames

Thanks to Chao Yu <[email protected]> for pointing out the need for
this check.

Signed-off-by: Theodore Ts'o <[email protected]>

diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
index 1e7d65d7e6d717562cb3b0cceafdcc0493f41386..401b099e3af3c5de4fd72ed549aa0bdc0ad65ce6 100644 (file)
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -3647,6 +3647,15 @@ static int ext4_cross_rename(struct inode *old_dir, struct dentry *old_dentry,
        u8 new_file_type;
        int retval;
 
+       if ((ext4_encrypted_inode(old_dir) ||
+            ext4_encrypted_inode(new_dir)) &&
+           (old_dir != new_dir) &&
+           (!ext4_is_child_context_consistent_with_parent(new_dir,
+                                                          old.inode) ||
+            !ext4_is_child_context_consistent_with_parent(old_dir,
+                                                          new.inode)))
+               return -EPERM;
+
        dquot_initialize(old.dir);
        dquot_initialize(new.dir);